Lawful Interception (LI) involves the interception of telecommunications by law enforcement authorities (LEA's) and intelligence services pursuant to local law, due process and authorization from competent authorities. Different countries have different rules with regards to lawful interception; for example, the Communications Assistance for Law Enforcement Act (CALEA) sets forth compliance standards which must be adhered to by all telecom service providers operating in the United States. In general, the LI statutes require a service provider to transparently intercept any communications that occur between end points in their network.
Historically, communications over the Public Switched Telephone Network (PSTN) have been relatively easy to intercept by placing physical wire-taps on the PSTN carrier lines. However, the growth in Voice Over Internet Protocol (VoIP) devices and applications has changed the traditional telecommunication model from one of defined physical links to one where links are dynamic and mobile. In VoIP networks, voice signals are digitized and carried as IP packets over the Internet. Unlike the PSTN voice transmissions, where an end-point is typically associated with a fixed physical location, a VoIP end-point is not constrained to a single physical location, but rather can communicate wherever the end user can gain access to the Internet. VoIP thus allows users to travel anywhere in the world and still make and receive phone calls.
However, some inherent characteristics of the IP network increase the complexity of implementing LI for VoIP networks. While PSTN connections are circuit based, with signals for a given call transferred along a common path to the end-point, the IP network is packet based. Voice communications in a VoIP network are apportioned into packets and forwarded to an end-point, with each packet potentially taking different paths, and arriving out of sequence at the end-point. The particular route that is selected for each packet of an IP telephony transmission is dependent upon a variety of factors, including, for example loading at each of the intermediate device. As such, it is difficult to predict the path and device that a given VoIP packet may traverse en route to its destination.
Because it is difficult to predict the network path that may be used for VoIP communications, it is difficult to protect communications from eavesdroppers. For example, as VoIP communications traverse the Internet, the information exchanged can be intercepted by anyone at any time. Moreover, because of its popularity VoIP has become a soft target for the hackers. In the absence of strong security which may include a strong firewall system, hackers may capture sensitive information such as credit card numbers and bank details. They can even launch denial of service attacks and shut down a voice conversation, or send spam or viruses over the internet to disrupt the services.
In order to secure VoIP connections, end-points have begun to encrypt communications through the use of encryption technology and key exchanges or other such peer authentication techniques. When end-point peers encrypt VoIP communications in such a manner, intermediate devices that do not have access to the key information are not able to decrypt the communications to intercept the communications. While this is advantageous for the end-points, it makes it difficult for the service provider to comply with the lawful interception statutes that are in force since intermediate SPs do not have the key. It would be desirable to identify a method an apparatus that would allow end-points to maintain secure connections while enabling service providers to comply with lawful interception statutes.